Cyber Incident Victim: AbbVie

Date: Jun 2023

Location: United States of America

Summary

The biopharmaceutical company AbbVie was named as a victim by the Cl0p ransomware group, which exploited a vulnerability in the MOVEit file transfer software. The group claimed to have stolen data from the organization. The FBI confirmed it was investigating the widespread exploitation of the MOVEit application by malicious actors. AbbVie did not provide an immediate public comment on the claim at the time.

Description

The MOVEit Transfer software, a tool used by organizations globally to share sensitive data, became the center of a significant cybersecurity incident exploited by the ransomware group known as Cl0p. On or around June 27, 2023, Siemens Energy and the University of California, Los Angeles (UCLA) publicly confirmed they were among the victims of this widespread attack. The announcements came after the Cl0p hacking group had previously boasted on their website about successfully stealing data from these two institutions. The group also used their platform to claim responsibility for breaching the systems of other major corporations, including the biopharmaceutical company AbbVie Inc. and the French industrial group Schneider Electric. These claims were made public prior to the official statements from the affected organizations.

In response to these public claims by the attackers, the involved organizations initiated their investigative and response procedures. Siemens Energy conducted an internal review and determined that, despite the breach, none of its critical data had been compromised. The company further stated that its operational activities remained completely unaffected by the security incident. Similarly, UCLA investigated the claim and found that their core campus systems were not impacted by the breach. The university confirmed that the incident was isolated to the MOVEit application and that they had notified all individuals whose data was involved in the compromise. The scope and specific contents of the stolen data from both Siemens Energy and UCLA were not detailed in their public communications.

Other organizations named by the Cl0p group also began to assess the situation. Schneider Electric issued a formal statement indicating that it was actively investigating the claims made by the hackers. AbbVie Inc., however, did not provide an immediate public comment on the allegations. The Cl0p group itself did not respond to requests for comment from media outlets. The scale of the incident extended far beyond these named companies, affecting scores of corporations, governments, and other institutions over the preceding weeks. This included other major U.S. entities such as the California Public Employees' Retirement System (CalPERS) and insurer Genworth Financial, which had already disclosed the prior week that personal information of their members and customers had been compromised as part of the same MOVEit hack.

The incident drew the attention of federal law enforcement. The Federal Bureau of Investigation (FBI) released a statement confirming its awareness of the situation. The agency stated it was actively investigating the recent exploitation of the vulnerability within the MOVEit software by what it described as malicious ransomware actors. This federal involvement highlighted the serious and widespread nature of the attack, which leveraged a previously unknown vulnerability in a commonly used file-transfer tool to gain access to sensitive information from a multitude of victims. The public disclosures by Siemens Energy and UCLA on June 27 represented a continuing wave of acknowledgments from organizations caught up in the attack, as the full extent of the compromise continued to be assessed.
